Webbing is the first to offer a connectivity solution for full data localization of eSIMs in the country

by Yoram Zerahia

Most countries of the world already have regulations on connectivity, data sovereignty, and data protection, and some have them drafted. From February 2021 to March 2023 seventeen new countries enacted data privacy laws, bringing the total to 162 globally. Experts say it is likely that eventually this type of legislation will become ubiquitous across the globe – probably even within this decade.

Turkey is no exception. Over the last few years, the country has enforced stringent legislation in terms of connectivity and data localization. That set of regulations includes restrictions on roaming, directives on e-calls for automobiles and even a dedicated decision on data localization for eSIM technologies.

While being aimed at ensuring data protection, these regulations have had both immediate and prolonged effects on enterprises deploying their connected devices to the country. Upon implementation of these restrictions some OEMs faced problems with the devices already shipped to Turkey – for example, automotive manufacturers had to shut down some connected services in their cars so as not to fall under the scope of the regulation. For others, including device manufacturers and connectivity operators, it meant that now every deployment would have to comply with a number of new requirements, which, in turn, would demand suitable connectivity solutions.

The challenge

Permanent roaming is not allowed in Turkey. A device may roam on Turkish networks no more than 90 days in total per 120 day period, and to remain connected after that it has to use a SIM or eSIM profile from a local operator. This ban mostly affects IoT devices, since consumer devices rarely need to roam that long and it is easy to buy and insert a local SIM, while for IoT device it may become a serious problem, especially if the device is deployed in hard-to-reach location or is hard to manipulate. Usually this can be solved by using an eSIM with remote provisioning capabilities that allows to download a new SIM profile and activate it remotely without having to handle the device. But in Turkey this is complicated as well.

Turkey is not the only country that has banned permanent roaming, and other states also have their regulations on cellular connectivity and data localization. Most countries either require a connectivity provider to have local data center and packet gateway (this is called IP localization), or demand that devices use local IMSI (International Mobile Subscriber Identity, a unique number that operators use to identify the subscriber on their mobile networks), which they can get from a global connectivity provider that has an agreement with local operators (the so-called soft localization).

However, the legislation is stricter in Turkey, where full localization is mandatory. The local regulator, Turkey’s Information Technologies and Communication Authority (Bilgi Teknolojileri ve İletişim Kurumu or BTK), requires that not only should a local profile be downloaded on a device with an eSIM, but that all structures, servers, software and equipment must be established by an authorized operator and kept within the Turkish borders. Moreover, the eSIM modules in these devices must be programmed in such a way so that they can be controlled by authorized operators.

This full localization implies not only legal, but certain technical difficulties for IoT deployments. Apart from an eSIM, the scheme of remote SIM provisioning in the M2M standard includes two main modules: Subscription Manager – Data Preparation (SM-DP) and Subscription Manager – Secure Routing (SM-SR). When performing remote provisioning, the former prepares and downloads profiles, while the latter is responsible for profile management and secure routing between the SM-DP and eSIM.


M2M SM-SR Swap


In some cases, both the SM-DP and SM-SR modules would belong to the same connectivity provider, sometimes they can be owned by different providers, but in Turkey’s case there seem to be additional challenges. The BTK regulations require that the eSIM programming should be controlled by authorized operators. Technically, that means that an SM-SR module involved in the eSIM provisioning process should belong to a local authorized entity.

To circumvent this hurdle, enterprises that deploy their devices with eSIMs to Turkey would have to contract with at least one, or better yet several local mobile network operators to ensure coverage and uninterrupted connectivity. For manufacturers that ship their devices globally that would also mean having a different SIM for devices heading to Turkey or are mobile like connected vehicles. All this would lead to multiple production lines and SKUs, logistics and supply schemes, and, inevitably, extra expenses. Moreover, these legislation requirements also affect the enterprises that intend to use the new GSMA IoT Remote SIM Provisioning Standard (SGP.32). The same statutes that regulate SM-SR usage apply to SM-DP+ modules in the new specification.

Webbing’s Solution

Webbing offers solutions that ensure streamlined connectivity for IoT devices all over the world. A distributed core network with data centers on every continent and partner network of over 600 mobile network operators in more than 190 countries and regions allow us to guarantee continuous connectivity with low latency and global coverage.

It also helps to comply with all kinds of regulatory requirements, be it preventing traffic to leave the country borders, using local IMSI or full localization. Technology and infrastructure wise, Webbing is capable of forming any architecture required by local legislation. Our eSIM solutions allow for remote provisioning and a swap between profiles, easily turning it into any operator’s SIM.

To address the technical aspect of the challenge, Webbing worked in collaboration with Protahub, the authorized entity in Turkey that provides eSIM management solutions for the telecommunications industry. Via a close cooperation with Protahub, Webbing is the first to offer a solution that ensures seamless localization for any IoT deployment.

While Protahub provided the SM-SR and SM-DP modules that met all legal requirements enforced by BTK, Webbing developed and implemented an SM-SR swap mechanism that would allow to perform remote provisioning for Webbing’s eSIMs. The solution developed by Webbing can automatically detect that a device is roaming longer than a certain period based on the regulation requirements or the business needs and download a new local eSIM profile using the SM-SR swap mechanism. With the logic of the process taken care of by Webbing, switching the device connectivity to local networks becomes seamless for enterprises and device manufacturers.

Webbing also offers a portal to manage eSIMs throughout their lifecycle. It allows for defining business rules that govern the automatic profile swap process and provides visibility to profile usage and network events, making connectivity transparent.

Webbing’s solutions simplify IoT connectivity, allowing enterprises to leverage connected devices while maintaining full control of their connectivity deployments. It helps to overcome the connectivity restrictions challenge in a simple and seamless way, avoiding the hassle of contracting with local wireless carriers and reducing expenses, making IoT deployments fast, cost-effective and future ready.

Reach out to [email protected] to learn more.